-
-
Notifications
You must be signed in to change notification settings - Fork 698
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrade all dependencies #1540
Merged
Merged
upgrade all dependencies #1540
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate bot
referenced
this pull request
in trunk-io/trunk-action
Sep 28, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [chai](http://chaijs.com) ([source](https://togithub.com/chaijs/chai)) | [`4.3.9` -> `4.3.10`](https://renovatebot.com/diffs/npm/chai/4.3.9/4.3.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/chai/4.3.9/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/chai/4.3.9/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>chaijs/chai (chai)</summary> ### [`v4.3.10`](https://togithub.com/chaijs/chai/releases/tag/v4.3.10) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.9...v4.3.10) This release simply bumps all dependencies to their latest non-breaking versions. #### What's Changed - upgrade all dependencies by [@​keithamus](https://togithub.com/keithamus) in [https://github.com/chaijs/chai/pull/1540](https://togithub.com/chaijs/chai/pull/1540) **Full Changelog**: chaijs/chai@v4.3.9...v4.3.10 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/trunk-io/trunk-action). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4xMDcuMiIsInVwZGF0ZWRJblZlciI6IjM2LjEwNy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot
referenced
this pull request
in runtime-env/import-meta-env
Sep 30, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [chai](http://chaijs.com) ([source](https://togithub.com/chaijs/chai)) | [`4.3.9` -> `4.3.10`](https://renovatebot.com/diffs/npm/chai/4.3.9/4.3.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/chai/4.3.9/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/chai/4.3.9/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>chaijs/chai (chai)</summary> ### [`v4.3.10`](https://togithub.com/chaijs/chai/releases/tag/v4.3.10) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.9...v4.3.10) This release simply bumps all dependencies to their latest non-breaking versions. #### What's Changed - upgrade all dependencies by [@​keithamus](https://togithub.com/keithamus) in [https://github.com/chaijs/chai/pull/1540](https://togithub.com/chaijs/chai/pull/1540) **Full Changelog**: chaijs/chai@v4.3.9...v4.3.10 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/iendeavor/import-meta-env). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4xMDcuMiIsInVwZGF0ZWRJblZlciI6IjM2LjEwNy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
kodiakhq bot
referenced
this pull request
in erezrokah/aws-testing-library
Oct 2, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [chai](http://chaijs.com) ([source](https://togithub.com/chaijs/chai)) | [`4.3.8` -> `4.3.10`](https://renovatebot.com/diffs/npm/chai/4.3.8/4.3.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/chai/4.3.8/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/chai/4.3.8/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>chaijs/chai (chai)</summary> ### [`v4.3.10`](https://togithub.com/chaijs/chai/releases/tag/v4.3.10) [Compare Source](https://togithub.com/chaijs/chai/compare/923d0a48fc59a910ecee37c85535379520a3e1b6...744a16e1cc4e8a9c6d4499e1e520a0bc4c80ec18) This release simply bumps all dependencies to their latest non-breaking versions. #### What's Changed - upgrade all dependencies by [@​keithamus](https://togithub.com/keithamus) in [https://github.com/chaijs/chai/pull/1540](https://togithub.com/chaijs/chai/pull/1540) **Full Changelog**: chaijs/chai@v4.3.9...v4.3.10 ### [`v4.3.9`](https://togithub.com/chaijs/chai/releases/tag/v4.3.9) [Compare Source](https://togithub.com/chaijs/chai/compare/d9ff2c6d3e3f306b8b76e081cc892f42bf551b26...923d0a48fc59a910ecee37c85535379520a3e1b6) Upgrade dependencies. This release upgrades dependencies to address **[CVE-2023-43646](https://www.cve.org/CVERecord?id=CVE-2023-43646)** where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang. **Full Changelog**: chaijs/chai@v4.3.8...v4.3.9 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/erezrokah/aws-testing-library). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjMiLCJ1cGRhdGVkSW5WZXIiOiIzNy4wLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
mattgodbolt
referenced
this pull request
in compiler-explorer/compiler-explorer
Oct 5, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [chai](http://chaijs.com) ([source](https://togithub.com/chaijs/chai)) | [`^4.3.8` -> `^4.3.10`](https://renovatebot.com/diffs/npm/chai/4.3.8/4.3.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/chai/4.3.8/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/chai/4.3.8/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>chaijs/chai (chai)</summary> ### [`v4.3.10`](https://togithub.com/chaijs/chai/releases/tag/v4.3.10) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.9...v4.3.10) This release simply bumps all dependencies to their latest non-breaking versions. #### What's Changed - upgrade all dependencies by [@​keithamus](https://togithub.com/keithamus) in [https://github.com/chaijs/chai/pull/1540](https://togithub.com/chaijs/chai/pull/1540) **Full Changelog**: chaijs/chai@v4.3.9...v4.3.10 ### [`v4.3.9`](https://togithub.com/chaijs/chai/releases/tag/v4.3.9) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.8...v4.3.9) Upgrade dependencies. This release upgrades dependencies to address **[CVE-2023-43646](https://www.cve.org/CVERecord?id=CVE-2023-43646)** where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang. **Full Changelog**: chaijs/chai@v4.3.8...v4.3.9 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 8pm on monday" in timezone America/Chicago, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/compiler-explorer/compiler-explorer). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjMiLCJ1cGRhdGVkSW5WZXIiOiIzNy4wLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
sammcj
referenced
this pull request
in sammcj/github-app-installation-token
Oct 27, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@actions/core](https://togithub.com/actions/toolkit/tree/main/packages/core) ([source](https://togithub.com/actions/toolkit)) | [`1.10.0` -> `1.10.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.0/1.10.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@actions%2fcore/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@actions%2fcore/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@actions%2fcore/1.10.0/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@actions%2fcore/1.10.0/1.10.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [chai](http://chaijs.com) ([source](https://togithub.com/chaijs/chai)) | [`4.3.7` -> `4.3.10`](https://renovatebot.com/diffs/npm/chai/4.3.7/4.3.10) | [![age](https://developer.mend.io/api/mc/badges/age/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/chai/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/chai/4.3.7/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/chai/4.3.7/4.3.10?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [jsonwebtoken](https://togithub.com/auth0/node-jsonwebtoken) | [`9.0.0` -> `9.0.2`](https://renovatebot.com/diffs/npm/jsonwebtoken/9.0.0/9.0.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/jsonwebtoken/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/jsonwebtoken/9.0.0/9.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | | [prettier](https://prettier.io) ([source](https://togithub.com/prettier/prettier)) | [`2.8.7` -> `2.8.8`](https://renovatebot.com/diffs/npm/prettier/2.8.7/2.8.8) | [![age](https://developer.mend.io/api/mc/badges/age/npm/prettier/2.8.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/prettier/2.8.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/prettier/2.8.7/2.8.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/prettier/2.8.7/2.8.8?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>actions/toolkit (@​actions/core)</summary> ### [`v1.10.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1101) - Fix error message reference in oidc utils [#​1511](https://togithub.com/actions/toolkit/pull/1511) </details> <details> <summary>chaijs/chai (chai)</summary> ### [`v4.3.10`](https://togithub.com/chaijs/chai/releases/tag/v4.3.10) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.9...v4.3.10) This release simply bumps all dependencies to their latest non-breaking versions. #### What's Changed - upgrade all dependencies by [@​keithamus](https://togithub.com/keithamus) in [https://github.com/chaijs/chai/pull/1540](https://togithub.com/chaijs/chai/pull/1540) **Full Changelog**: chaijs/chai@v4.3.9...v4.3.10 ### [`v4.3.9`](https://togithub.com/chaijs/chai/releases/tag/v4.3.9) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.8...v4.3.9) Upgrade dependencies. This release upgrades dependencies to address **[CVE-2023-43646](https://www.cve.org/CVERecord?id=CVE-2023-43646)** where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang. **Full Changelog**: chaijs/chai@v4.3.8...v4.3.9 ### [`v4.3.8`](https://togithub.com/chaijs/chai/releases/tag/v4.3.8) [Compare Source](https://togithub.com/chaijs/chai/compare/v4.3.7...v4.3.8) #### What's Changed - 4.x.x: Fix link to commit logs on GitHub by [@​bugwelle](https://togithub.com/bugwelle) in [https://github.com/chaijs/chai/pull/1487](https://togithub.com/chaijs/chai/pull/1487) - build(deps): bump socket.io-parser from 4.0.4 to 4.0.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/chaijs/chai/pull/1488](https://togithub.com/chaijs/chai/pull/1488) - Small typo in test.js by [@​mavaddat](https://togithub.com/mavaddat) in [https://github.com/chaijs/chai/pull/1459](https://togithub.com/chaijs/chai/pull/1459) - docs: specify return type of objDisplay by [@​scarf005](https://togithub.com/scarf005) in [https://github.com/chaijs/chai/pull/1490](https://togithub.com/chaijs/chai/pull/1490) - Update CONTRIBUTING.md by [@​matheus-rodrigues00](https://togithub.com/matheus-rodrigues00) in [https://github.com/chaijs/chai/pull/1521](https://togithub.com/chaijs/chai/pull/1521) - Fix: update exports.version to current version by [@​peanutenthusiast](https://togithub.com/peanutenthusiast) in [https://github.com/chaijs/chai/pull/1534](https://togithub.com/chaijs/chai/pull/1534) #### New Contributors - [@​bugwelle](https://togithub.com/bugwelle) made their first contribution in [https://github.com/chaijs/chai/pull/1487](https://togithub.com/chaijs/chai/pull/1487) - [@​mavaddat](https://togithub.com/mavaddat) made their first contribution in [https://github.com/chaijs/chai/pull/1459](https://togithub.com/chaijs/chai/pull/1459) - [@​scarf005](https://togithub.com/scarf005) made their first contribution in [https://github.com/chaijs/chai/pull/1490](https://togithub.com/chaijs/chai/pull/1490) - [@​matheus-rodrigues00](https://togithub.com/matheus-rodrigues00) made their first contribution in [https://github.com/chaijs/chai/pull/1521](https://togithub.com/chaijs/chai/pull/1521) - [@​peanutenthusiast](https://togithub.com/peanutenthusiast) made their first contribution in [https://github.com/chaijs/chai/pull/1534](https://togithub.com/chaijs/chai/pull/1534) **Full Changelog**: chaijs/chai@v4.3.7...v4.3.8 </details> <details> <summary>auth0/node-jsonwebtoken (jsonwebtoken)</summary> ### [`v9.0.2`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#902---2023-08-30) [Compare Source](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.1...v9.0.2) - security: updating semver to 7.5.4 to resolve CVE-2022-25883, closes [#​921](https://togithub.com/auth0/node-jsonwebtoken/issues/921). - refactor: reduce library size by using lodash specific dependencies, closes [#​878](https://togithub.com/auth0/node-jsonwebtoken/issues/878). ### [`v9.0.1`](https://togithub.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#901---2023-07-05) [Compare Source](https://togithub.com/auth0/node-jsonwebtoken/compare/v9.0.0...v9.0.1) - fix(stubs): allow decode method to be stubbed </details> <details> <summary>prettier/prettier (prettier)</summary> ### [`v2.8.8`](https://togithub.com/prettier/prettier/blob/HEAD/CHANGELOG.md#288) [Compare Source](https://togithub.com/prettier/prettier/compare/2.8.7...2.8.8) This version is a republished version of v2.8.7. A bad version was accidentally published and [it can't be unpublished](https://togithub.com/npm/cli/issues/1686), apologies for the churn. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/sammcj/github-app-installation-token). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS42Mi4wIiwidXBkYXRlZEluVmVyIjoiMzcuMC4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
Woodpile37
added a commit
to Woodpile37/EIPs
that referenced
this pull request
Nov 4, 2023
<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br /><h3>Snyk has created this PR to upgrade chai from 4.3.6 to 4.3.10.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **4 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2023-09-28. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>chai</b></summary> <ul> <li> <b>4.3.10</b> - <a href="https://snyk.io/redirect/github/chaijs/chai/releases/tag/v4.3.10">2023-09-28</a></br><p>This release simply bumps all dependencies to their latest non-breaking versions.</p> <h2>What's Changed</h2> <ul> <li>upgrade all dependencies by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/keithamus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/keithamus">@ keithamus</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1916961847" data-permission-text="Title is private" data-url="chaijs/chai#1540" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1540/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1540">#1540</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://snyk.io/redirect/github/chaijs/chai/compare/v4.3.9...v4.3.10"><tt>v4.3.9...v4.3.10</tt></a></p> </li> <li> <b>4.3.9</b> - <a href="https://snyk.io/redirect/github/chaijs/chai/releases/tag/v4.3.9">2023-09-27</a></br><p>Upgrade dependencies.</p> <p>This release upgrades dependencies to address <strong><a href="https://www.cve.org/CVERecord?id=CVE-2023-43646" rel="nofollow">CVE-2023-43646</a></strong> where a large function name can cause "catastrophic backtracking" (aka ReDOS attack) which can cause the test suite to hang.</p> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://snyk.io/redirect/github/chaijs/chai/compare/v4.3.8...v4.3.9"><tt>v4.3.8...v4.3.9</tt></a></p> </li> <li> <b>4.3.8</b> - <a href="https://snyk.io/redirect/github/chaijs/chai/releases/tag/v4.3.8">2023-08-24</a></br><h2>What's Changed</h2> <ul> <li>4.x.x: Fix link to commit logs on GitHub by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bugwelle/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bugwelle">@ bugwelle</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1442318999" data-permission-text="Title is private" data-url="chaijs/chai#1487" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1487/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1487">#1487</a></li> <li>build(deps): bump socket.io-parser from 4.0.4 to 4.0.5 by <a class="user-mention notranslate" data-hovercard-type="organization" data-hovercard-url="/orgs/dependabot/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/dependabot">@ dependabot</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1442803192" data-permission-text="Title is private" data-url="chaijs/chai#1488" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1488/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1488">#1488</a></li> <li>Small typo in test.js by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mavaddat/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/mavaddat">@ mavaddat</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1154733117" data-permission-text="Title is private" data-url="chaijs/chai#1459" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1459/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1459">#1459</a></li> <li>docs: specify return type of objDisplay by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/scarf005/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/scarf005">@ scarf005</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1476032440" data-permission-text="Title is private" data-url="chaijs/chai#1490" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1490/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1490">#1490</a></li> <li>Update CONTRIBUTING.md by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/matheus-rodrigues00/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/matheus-rodrigues00">@ matheus-rodrigues00</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1732701131" data-permission-text="Title is private" data-url="chaijs/chai#1521" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1521/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1521">#1521</a></li> <li>Fix: update exports.version to current version by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/peanutenthusiast/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/peanutenthusiast">@ peanutenthusiast</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1864098264" data-permission-text="Title is private" data-url="chaijs/chai#1534" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1534/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1534">#1534</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bugwelle/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bugwelle">@ bugwelle</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1442318999" data-permission-text="Title is private" data-url="chaijs/chai#1487" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1487/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1487">#1487</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/mavaddat/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/mavaddat">@ mavaddat</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1154733117" data-permission-text="Title is private" data-url="chaijs/chai#1459" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1459/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1459">#1459</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/scarf005/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/scarf005">@ scarf005</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1476032440" data-permission-text="Title is private" data-url="chaijs/chai#1490" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1490/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1490">#1490</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/matheus-rodrigues00/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/matheus-rodrigues00">@ matheus-rodrigues00</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1732701131" data-permission-text="Title is private" data-url="chaijs/chai#1521" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1521/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1521">#1521</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/peanutenthusiast/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/peanutenthusiast">@ peanutenthusiast</a> made their first contribution in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1864098264" data-permission-text="Title is private" data-url="chaijs/chai#1534" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1534/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1534">#1534</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://snyk.io/redirect/github/chaijs/chai/compare/v4.3.7...v4.3.8"><tt>v4.3.7...v4.3.8</tt></a></p> </li> <li> <b>4.3.7</b> - <a href="https://snyk.io/redirect/github/chaijs/chai/releases/tag/v4.3.7">2022-11-07</a></br><h2>What's Changed</h2> <ul> <li>fix: deep-eql bump package to support symbols comparison by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/snewcomer/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/snewcomer">@ snewcomer</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1438632532" data-permission-text="Title is private" data-url="chaijs/chai#1483" data-hovercard-type="pull_request" data-hovercard-url="/chaijs/chai/pull/1483/hovercard" href="https://snyk.io/redirect/github/chaijs/chai/pull/1483">#1483</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://snyk.io/redirect/github/chaijs/chai/compare/v4.3.6...v4.3.7"><tt>v4.3.6...v4.3.7</tt></a></p> </li> <li> <b>4.3.6</b> - <a href="https://snyk.io/redirect/github/chaijs/chai/releases/tag/v4.3.6">2022-01-26</a></br><p>Update loupe to 2.3.1</p> </li> </ul> from <a href="https://snyk.io/redirect/github/chaijs/chai/releases">chai GitHub release notes</a> </details> </details> <details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>chai</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/744a16e1cc4e8a9c6d4499e1e520a0bc4c80ec18">744a16e</a> 4.3.10</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/0ccd823cb3ee6a433156c4e23cc67de79d4f368d">0ccd823</a> upgrade all dependencies (ethereum#1540)</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/923d0a48fc59a910ecee37c85535379520a3e1b6">923d0a4</a> 4.3.9</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/1a0f8872711f64b8353c30ebcfdf0ceeab404bab">1a0f887</a> make</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/a141e5739ab32ae579cd2df2eb745dbf1375ac27">a141e57</a> upgrade deps</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/d9ff2c6d3e3f306b8b76e081cc892f42bf551b26">d9ff2c6</a> 4.3.8</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/8d3205b27e706f188f1c4f548d23b989eb60a0db">8d3205b</a> build</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/b351dc09440e87917f25daa8d49dfb8866efc704">b351dc0</a> Fix: update exports.version to current version (ethereum#1534)</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/1a8247f30dbe0f54268a9748ae673caec75d6bfe">1a8247f</a> Update CONTRIBUTING.md (ethereum#1521)</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/3a8c49a70733ac7f4570925415e9a8544e2ee1c3">3a8c49a</a> docs: specify return type of objDisplay (ethereum#1490)</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/b45512409768514aac931a54da628adf2d27a934">b455124</a> test: fix typo in test.js (ethereum#1459)</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/98f42337562429353e829ebc4f85a00622087fce">98f4233</a> build(deps): bump socket.io-parser from 4.0.4 to 4.0.5 (ethereum#1488)</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/acd16e0033591d849b82f0700fd223072ebf420c">acd16e0</a> chore: 4.x.x: Fix link to commit logs on GitHub (ethereum#1487)</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/3c947a7f33b021730ea68a52bd15712fe57134be">3c947a7</a> build</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/775f50958422278933db6efefa1ec2526191e632">775f509</a> 4.3.7</li> <li><a href="https://snyk.io/redirect/github/chaijs/chai/commit/8e780b44f321056c960f00b94b4c2aefa3392c21">8e780b4</a> fix: deep-eql bump package to support symbols comparison (ethereum#1483)</li> </ul> <a href="https://snyk.io/redirect/github/chaijs/chai/compare/529b8b527ba99454471ac67d6aebca9d96cb5dd9...744a16e1cc4e8a9c6d4499e1e520a0bc4c80ec18">Compare</a> </details> </details> <hr/> **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJkMDQzOThiZC0wYzlmLTQyMmEtOGEyZi0yNTQ2NDNjMDY2MDMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImQwNDM5OGJkLTBjOWYtNDIyYS04YTJmLTI1NDY0M2MwNjYwMyJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/woodpile37/project/3a4e6031-90ad-4f6e-a8f2-e52f97555f14?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/woodpile37/project/3a4e6031-90ad-4f6e-a8f2-e52f97555f14/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/woodpile37/project/3a4e6031-90ad-4f6e-a8f2-e52f97555f14/settings/integration?pkg=chai&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) <!--- (snyk:metadata:{"prId":"d04398bd-0c9f-422a-8a2f-254643c06603","prPublicId":"d04398bd-0c9f-422a-8a2f-254643c06603","dependencies":[{"name":"chai","from":"4.3.6","to":"4.3.10"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/woodpile37/project/3a4e6031-90ad-4f6e-a8f2-e52f97555f14?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"3a4e6031-90ad-4f6e-a8f2-e52f97555f14","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2023-09-28T09:50:37.566Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]}) --->
This was referenced May 21, 2024
This was referenced May 24, 2024
Open
Open
Open
This was referenced May 24, 2024
This was referenced Jul 26, 2024
Open
Open
This was referenced Jul 31, 2024
This was referenced Aug 10, 2024
Open
Open
This was referenced Nov 1, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This upgrades all dependencies in the
4.x
branch to their latest non-breaking versions.